UNIT - IV
© Bharati Vidyapeeth’s Institute of Computer Applications and Management, New Delhi-63 by Vishal Jain U4.1
Learning Objectives
• TCP extensions for high-speed networks, transaction-oriented applications, other new options in TCP.
• Network security at various layers: Secure-HTTP, SSP, ESP, Authentication header, Key distribution protocols, Digital signatures, digital certificates.
TCP
Port Numbers
Services
Sequence Numbers
Segments
Connection
Transition Diagram
Flow and Error Control
Silly Window Syndrome
MCA-206, Advanced Computer Networks
Stream Delivery
TCP Segments
Example
Imagine a TCP connection is transferring a file of 6000 bytes.
The first byte is numbered 10010. What are the sequence
numbers for each segment if data are sent in five segments
with the first four segments carrying 1000 bytes and the last
segment carrying 2000 bytes?
The following shows the sequence number for each segment:
Segment 1 ==> sequence number: 10,010 (range: 10,010 to 11,009)
Segment 2 ==> sequence number: 11,010 (range: 11,010 to 12,009)
Segment 3 ==> sequence number: 12,010 (range: 12,010 to 13,009)
Segment 4 ==> sequence number: 13,010 (range: 13,010 to 14,009)
Segment 5 ==> sequence number: 14,010 (range: 14,010 to 16,009)
Control Field
Flag Description
Flow Control
Flow control regulates the amount of data a source can
send before receiving an acknowledgment from the
destination. TCP defines a window that is imposed on the
buffer of data delivered from the application program.
Sender Buffer
Receiver Window
Error Control
Lost Segment
Lost Acknowledgment
TCP Timers
TCP maintains seven timers for each connection:
Connection-establishment timer: starts when a SYN is
sent to establish a new connection. If the sender doesn't
receive an ACK within 75 seconds, the connection
establishment is aborted.
Persist timer: set when the other end of a connection advertises a zero window but the sender still has data to send. The sender keeps probing the closed window at a retransmission interval; its value is calculated dynamically.
FIN_WAIT_2 timer: set to 10 minutes when a connection moves from the FIN_WAIT_1 state to the FIN_WAIT_2 state and the connection cannot receive any more data. When this timer expires, it is reset to 75 seconds. When it expires again, the connection is dropped.
• The delayed ACK timer is different from the other six
because when it is set a delayed ACK must be sent the
next time TCP's 300-ms timer expires.
TCP Extensions
• The significance of adding these extensions as options rather than changing the core of the TCP header is that hosts can still communicate using TCP even if they do not implement the options.
• The two sides agree that they will use the options during TCP’s connection establishment phase.
• The first extension helps to improve TCP’s timeout
mechanism. Instead of measuring the RTT using a coarse-
grained event, TCP can read the actual system clock when it
is about to send a segment, and put this time—think of it as a
32-bit timestamp—in the segment’s header.
• Note that the endpoints in the connection do not need
synchronized clocks, since the timestamp is written and read
at the same end of the connection.
• The second extension addresses the problem of TCP’s 32-bit SequenceNum field wrapping around too soon on a high-speed network. Rather than define a new 64-bit sequence number field, TCP uses the 32-bit timestamp just described to effectively extend the sequence number space.
• Note that the timestamp is being used in this setting only to
protect against wraparound; it is not treated as part of the
sequence number for the purpose of ordering or
acknowledging data.
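The two uses of the timestamp described above, as an added Python sketch that is not part of the original slides: an RTT sample taken from the echoed timestamp, and the wraparound check that rejects a delayed duplicate whose sequence number has come back into use. The function names, the tick values and the simplified update of `ts_recent` are assumptions of this example.

```python
TS_MOD = 1 << 32  # timestamps and sequence numbers are both 32-bit fields


def seq_wrap_seconds(bandwidth_bps):
    """Seconds needed to send 2**32 bytes, i.e. for SequenceNum to wrap."""
    return TS_MOD * 8 / bandwidth_bps


def ts_older(a, b):
    """True if timestamp a is older than b, compared modulo 2**32."""
    return (a - b) % TS_MOD >= TS_MOD // 2


def rtt_from_echo(now, echoed):
    """RTT sample: the sender reads back the clock value it wrote itself,
    so the two ends never need synchronized clocks."""
    return (now - echoed) % TS_MOD


class Receiver:
    """Simplified receiver that remembers the newest timestamp it accepted."""

    def __init__(self):
        self.ts_recent = None

    def accept(self, seq, ts_val):
        # The timestamp only guards against wraparound; ordering and
        # acknowledgment still use seq alone.
        if self.ts_recent is not None and ts_older(ts_val, self.ts_recent):
            return False  # stale duplicate from before the wrap
        self.ts_recent = ts_val
        return True


def demo():
    """Constructed scenario: sequence number 10010 is reused after a wrap."""
    rx = Receiver()
    return [
        rx.accept(seq=10010, ts_val=1200),  # original segment
        rx.accept(seq=10010, ts_val=5001),  # new data after the wrap
        rx.accept(seq=10010, ts_val=1200),  # delayed copy of the original
    ]


if __name__ == "__main__":
    print("wrap time at 1 Gbps: %.2f s" % seq_wrap_seconds(1e9))
    print("accepted:", demo())
```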
• The third extension allows TCP to advertise a larger window,
thereby allowing it to fill larger delay × bandwidth pipes that
are made possible by high-speed networks. This extension
involves an option that defines a scaling factor for the
advertised window.
• In other words, the window scaling option specifies how many bits each side should left-shift the AdvertisedWindow field before using its contents to compute an effective window.
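How the options are read during connection establishment and how the scaling factor is then applied, as an added Python example (not code from the original slides). The option kinds and the shift cap of 14 follow RFC 7323; the SYN option bytes are constructed samples and the function names are assumptions. The parser rejects zero or overlong option lengths, a malformed-input case that makes careless option walkers loop forever or read past the header.

```python
import struct


def parse_tcp_options(raw):
    """Walk the kind/length/value options of a TCP header."""
    opts, i = {}, 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:              # End of Option List
            break
        if kind == 1:              # NOP, single-byte padding
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError("option kind %d has no length byte" % kind)
        length = raw[i + 1]
        if length < 2 or i + length > len(raw):
            raise ValueError("bad length %d for option kind %d" % (length, kind))
        body = raw[i + 2:i + length]
        if kind == 2 and length == 4:
            opts["mss"] = struct.unpack("!H", body)[0]
        elif kind == 3 and length == 3:
            opts["wscale"] = min(body[0], 14)   # shift counts above 14 are capped
        elif kind == 4 and length == 2:
            opts["sack_permitted"] = True
        elif kind == 8 and length == 10:
            opts["tsval"], opts["tsecr"] = struct.unpack("!II", body)
        i += length
    return opts


def options_valid(raw):
    """True if the option list parses without a length error."""
    try:
        parse_tcp_options(raw)
        return True
    except ValueError:
        return False


def effective_window(adv_window, peer_syn_opts, own_syn_opts):
    """Bytes the peer is really advertising on a non-SYN segment.
    Scaling applies only if both SYNs carried the window scale option."""
    if "wscale" in peer_syn_opts and "wscale" in own_syn_opts:
        return adv_window << peer_syn_opts["wscale"]
    return adv_window


# Constructed option bytes: MSS 1460, SACK-permitted, timestamps, NOP, wscale 7
SYN_A = bytes.fromhex("020405b4" "0402" "080a0001e24000000000" "01" "030307")
# Constructed option bytes: MSS 1460, NOP NOP, SACK-permitted, NOP, wscale 2
SYN_ACK_B = bytes.fromhex("020405b4" "0101" "0402" "01" "030302")

if __name__ == "__main__":
    a, b = parse_tcp_options(SYN_A), parse_tcp_options(SYN_ACK_B)
    print(a, b)
    print("A's window of 0xFFFF means", effective_window(0xFFFF, a, b), "bytes")
```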
• The fourth extension allows TCP to augment its cumulative
acknowledgment with selective acknowledgments of any
additional segments that have been received but aren’t
contiguous with all previously received segments. This is the
selective acknowledgment, or SACK, option.
• This allows the sender to retransmit just the segments that
are missing according to the selective acknowledgment.
Without SACK, there are only two reasonable strategies for a
sender.
• The other strategy is the optimistic strategy, which responds
to a timeout by retransmitting only the segment that timed
out.
• It is slow because each segment’s loss is not discovered
until the sender receives an ACK for its retransmission of the
previous segment.
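The difference between SACK and the optimistic strategy, worked through in an added Python example (not part of the original slides) on the five segments of the 6000-byte transfer numbered from 10,010 earlier in this unit. The loss of segments 2 and 4 is a constructed scenario, the function names are assumptions, and sequence-number wraparound is ignored.

```python
# Segments from the slide example: (first sequence number, length in bytes).
SEGMENTS = [(10010, 1000), (11010, 1000), (12010, 1000),
            (13010, 1000), (14010, 2000)]
FIRST_BYTE = 10010
LOST = [SEGMENTS[1], SEGMENTS[3]]        # constructed: segments 2 and 4 lost


def receiver_report(first_byte, received):
    """Return (cumulative ACK, SACK blocks as [start, end)) for received data."""
    cum_ack, blocks = first_byte, []
    for seq, length in sorted(received):
        end = seq + length
        if seq <= cum_ack:                      # extends the in-order prefix
            cum_ack = max(cum_ack, end)
        elif blocks and seq <= blocks[-1][1]:   # touches the last island
            blocks[-1] = (blocks[-1][0], max(blocks[-1][1], end))
        else:                                   # new out-of-order island
            blocks.append((seq, end))
    return cum_ack, blocks


def sack_holes(cum_ack, blocks):
    """Byte ranges below the highest SACKed byte that were never received."""
    holes, cursor = [], cum_ack
    for left, right in sorted(blocks):
        if left > cursor:
            holes.append((cursor, left))
        cursor = max(cursor, right)
    return holes


def optimistic_round_trips(first_byte, segments, lost):
    """Round trips needed when only the segment at the cumulative ACK is
    retransmitted and the next loss shows up in the ACK that follows."""
    received = [s for s in segments if s not in lost]
    end = max(seq + length for seq, length in segments)
    cum_ack, _ = receiver_report(first_byte, received)
    rounds = 0
    while cum_ack < end:
        received.append(next(s for s in segments if s[0] == cum_ack))
        rounds += 1
        cum_ack, _ = receiver_report(first_byte, received)
    return rounds


if __name__ == "__main__":
    got = [s for s in SEGMENTS if s not in LOST]
    ack, blocks = receiver_report(FIRST_BYTE, got)
    print("ACK", ack, "SACK", blocks)
    print("retransmit in one round trip:", sack_holes(ack, blocks))
    print("optimistic round trips:", optimistic_round_trips(FIRST_BYTE, SEGMENTS, LOST))
```

With SACK the sender learns both holes from a single acknowledgment; without it, the second loss is only visible after the first retransmission has been acknowledged.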
Cryptography
• Cryptography
• Symmetric-Key Cryptography
• Asymmetric-Key Cryptography
Cryptography Components
In cryptography, the encryption/decryption algorithms are
public; the keys are secret.
Symmetric-Key Cryptography
In symmetric-key cryptography, the same key is used
by the sender (for encryption) and the receiver (for
decryption). The key is shared.
Caesar cipher
Transpositional cipher
DES
Triple DES
Public Key Cryptography
RSA
Privacy using Symmetric-Key Encryption
Privacy Using Asymmetric-Key Encryption
Digital Signature
Signing the Whole Document
HASH Function
Sender Site
Receiver Site
IP Sec
Security in the Internet
Transport Mode
AH
ESP
Position of TLS
Handshake protocol
Record protocol
PGP at Sender Site
PGP at Receiver Site
Summary
• Flow control regulates the amount of data a source can send
before receiving an acknowledgment from the destination. TCP
defines a window that is imposed on the buffer of data delivered
from the application program.
• TCP provides reliability using error control, which detects
corrupted, lost, out-of-order, and duplicated segments. Error
control in TCP is achieved through the use of the checksum,
acknowledgment, and time-out.
Short Questions
1. Write a short note on Application programming interface for IPV6.6 bone.
2. What do you mean by TCP transaction-oriented application?
3. What is the basic difference between HTTP and secure HTTP?
4. Write a short note on SSP.
5. What are the two different protocols defined by IPSec?
6. Define ESP and Authentication header.
7. What are the new options in TCP?
8. Discuss: Digital Signature and Digital Certificate in Communication.
9. Briefly explain the one-way hash function.
10. What do you mean by transaction-oriented application?
Long Questions
1. What are the four extensions to improve TCP performance?
2. Explain the IP Sec protocol.
3. When we talk about authentication in SSL, do we mean message authentication or entity authentication? Explain.
4. Why do we use Digital Signature and Digital Certificate in Communication?
5. How does Symmetric-Key distribution work, and how does it relate to Public Key Distribution?
6. What are the other new options in TCP for High Speed Networks?
7. Explain the DES encryption algorithm.
8. Compare Symmetric-Key and Asymmetric-Key distribution in Cryptography.
9. Explain AH and ESP in the IPSec protocol.